2,959 Posted Topics
Re: Hi ysb21189, The formatting of the last HJT log you posted came out a bit weird in terms of line breaks and spacings, making it rather difficult to read. Could you try to repost that log so that it appears like your first log formatting-wise? Thanks. | |
Re: Hi dabrizzy, welcome to the site :) You've got a few different infections showing up in your log; please do the following: 1. Run a couple of these free online anti-virus/anti-spyware scans; have them clean what they can: [url="http://www.kaspersky.com/scanforvirus.html"]http://www.kaspersky.com/scanforvirus.html[/url] [url="http://housecall.trendmicro.com/"]http://housecall.trendmicro.com/[/url] [url="http://www.pandasoftware.com/activescan/com/activescan_principal.htm"]http://www.pandasoftware.com/active...n_principal.htm[/url] [url="http://us.mcafee.com/root/mfs/default.asp?cid=9914"]http://us.mcafee.com/root/mfs/default.asp?cid=9914[/url] [url="http://www.ravantivirus.com/scan/"]http://www.ravantivirus.com/scan/[/url] [url="http://www.bitdefender.com/scan/licence.php"]http://www.bitdefender.com/scan/licence.php[/url] 3. Download, install, update, and run these … | |
Re: 1. Have HijackThis fix: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://www.shopnav.com/search/9886/search.html"]http://www.shopnav.com/search/9886/search.html[/url] F2 - REG:system.ini: Shell=Explorer.exe winsock.scr 2. Search your system for winsock.scr, and delete the file if you find it. Make sure your system is set to show hidden files and folders: Open Windows Explorer, and in the Folder Options->View … | |
Re: You need to give us the exact make/model/version # of your wireless card. | |
Re: Hi maynd, Judging from your log, it looks like the work you've already done may have cleaned up most of the problems. The log isn't [i]entirely[/i] clean yet though, so... 1. Run HijackThis again and have it fix: [b] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.specialgoods.info/ad/ad0415/"]http://www.specialgoods.info/ad/ad0415/[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local … | |
Re: Those are symptoms of one of the known "nasties" going around lately. I'm moving this to our security forum now, as that is where we deal with such issues. To begin with, please do the following: Download the (free) [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]HijackThis[/url] utility: Once downloaded, follow these instructions to install and run the … | |
Re: [QUOTE=sundaypuncher]I looked at my hardware manager and windows thinks my drive is a SCSI drive. [/QUOTE]Interesting... What [i]exactly[/i] does Device Manager say in that regard? | |
Re: Google has a [url="http://www.google.com/linux"]Linux-specific search function[/url]; you'll get more focussed results if you use that when looking for Linux info. DVD usage in Linux has been hampered by copyright, patent, anti-piracy and other such issues. There are no [i]technical[/i] roadblocks to playing DVDs in Linux, but you'll need to … | |
Re: Your log [i]does[/i] indicate some signs of the Aurora/Nail.exe infection. Please follow these removal instructions: Please download the trial version of Ewido Security Suite here: [url]http://www.ewido.net/en/download/[/url] Install it, and update the definitions to the newest files. Do NOT run a scan yet. Please download Nailfix from here: [url]http://www.noidea.us/easyfile/file.php?download=20050515010747824[/url] Unzip it … | |
Re: 1. C:\Windows\rundll32.exe and C:\Windows\System\Internat.exe are real Windows files. The virus may have overwritten or altered them, which means that you may have to install fresh copies of the originals to replace the infected versions of the files. We should determine that before going any further. Please do the following: - … | |
Re: [QUOTE=Catweazle]To minimise the amount of time spent disable all running programs before defragging. If your drives are accessible in Safe Mode you are best to defrag from there.[/QUOTE]Right. If you experience extremely long defrag times, or if the defrag program keeps restarting itself, that's usually due to other open/running programs … | |
Re: [QUOTE=C++]server_crash, thanx but i already know that. I wanted 2 make a program that tells u the ip address of the inputted domain name. thanx anyway.[/QUOTE]The ping command referenced in Catweazle's link [i]will[/i] return the IP, although by default it will query a site 4 times, echo a response for … | |
Re: That's a clean log, and neither Alexa nor the micro-128 virus would cause such behaviour as far as I know. Had you installed [i]any[/i] software around the time you first noticed this (think carefully...)? My first thought is that the icon is part of some freebie cursor accessory or the … | |
Re: Versions of that puppy have been around for a couple of years now; if you install the most current updates for your anti-virus program, that [i]should[/i] be able to clean it. If not, you can also try these free online anti-virus/anti-spyware scans: [url]http://www.kaspersky.com/scanforvirus.html[/url] [url]http://housecall.trendmicro.com/[/url] [url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url] [url]http://www.bitdefender.com/scan/licence.php[/url] [url]http://us.mcafee.com/root/mfs/default.asp?cid=9914[/url] [url]http://www.ravantivirus.com/scan/[/url] If the … | |
Re: 1. You [i]can[/i] bind more than one IP to a NIC and specify multiple gateway IPs in the card's advanced TCP/IP settings, although I'm not sure that's going to give you the exact functionality you're looking for. 2. Although it seems to be a bit of a [url="http://www.jargon.net/jargonfile/k/kluge.html"]kluge[/url], I think … | |
Re: Hey Danny, As always, the "your mileage may vary" caveat applies, but: I've done the manual removal thing, including Registry pruning, for Norton/Symantec products and other programs without any ill effects. Due to shared library issues and the like, it [i]can[/i] be hairy if you've got different versions of the … | |
Re: [QUOTE=Kamex]I have recently heard that 'nix-like user permissions are possible with Windows XP. I have also heard, however, that XP's user permission system is far more primitive.[/QUOTE] One thing to keep in mind if you're concerned about permissions/user rights/access policies: there's a big difference between XP Pro and Home in … | |
Re: [QUOTE=dbl03]...and then the person helping me just stopped helping me for some reason[/QUOTE]We're only volunteers here; "real life" responsibilities often keep us from being as active here as we would like. That's a clean log. Are you still experiencing problems? If so, let us know what they are and we'll … | |
Re: Hi mlbrooks1, Can you please try posting that log again? As you can see, something really strange happened with the formatting; it's very difficult to read. Thanks. :) | |
Re: Hey T_I, Thanks for the heads up on that particular version of "Phishing" scam. There are so many of them going around lately that it's hard to keep up. I've removed the email link you posted for security reasons, but here's the direct link to PayPal's warning regarding the scam: … | |
Re: Hey T_I, I don't have time to give you a per-process description of all of the entries right now, but they're all legit; no signs of nasties in that log. Some of the programs (smss, svchost, winlogon, lsass, services, etc.) are built-in Windows processes; the ATI stuff is video/display related; … | |
Re: [QUOTE=Studio]when i try to eject the CD via pushing the button on the side of the drive...the Drive just wont open[/QUOTE] [QUOTE=Studio]now i know this has to be a software issue coz when i do the manually process of opening the drive it opens[/QUOTE] Those two statements contradict each other- … | |
Re: An even deeper discussion/explanation of the function of the 127.0.0.1/localhost/loopback address (and the hosts file as a whole) would only make your head implode even faster, so I'll skip the painful details :mrgreen: To answer your question, though: I wouldn't say that the hosts file is an "important" part of … | |
Re: One infection down, one to go: In your Start menu, click the "Run..." option, type the following command in the "Open:" box, and click OK: services.msc When the Services console opens, locate "System Startup Service", right-click on it, and choose "Properties". On the "General" tab under "Service Status" click the … | |
Re: The latest full-release versions of SuSE, Fedora, Mandriva (formerly Mandrake), and Gentoo are all available for the AMD's 64-bit platform as far as I know. | |
Re: Yikes! :eek::eek: That's an extremely heavy infestation; we'll need much more than HijackThis to fix things. 1. Download the following three utilities and run them consecutively: [url="http://www.intermute.com/spysubtract/cwshredder_download.html"]CWShredder[/url] [url="http://www.majorgeeks.com/download4289.html"]about:Buster[/url] [url="http://www.majorgeeks.com/download4286.html"]HSRemove[/url] CWShredder and about:Buster have an online update function; use that before having them scan and fix. For CWShredder, click the "Fix" … | |
Re: Hi foxkueh, - Your log looks clean, except perhaps for this entry: O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) WinPcap is a network packet-capturing tool. It [i]can[/i] be used for legit network analysis and troubleshooting, but it … | |
Re: I could be wrong, but that looks suspiciously like the work of a malicious infection. Can you give us more detail on the problem: - When exactly does this message come up? - When did it start happening? - Had you done any software installations/uninstalls/upgrades at around the time you … | |
Re: You don't usually see drivers in Add/Remove Programs. The wireless card's utility software (if it comes with any) might be listed there, but you should look in Device Manager to check the NIC and its drivers status. A few questions to start with: - Does the wireless NIC appear in … | |
Re: You can fit those 4 operating systems in 40G, but things will probably get a little tight if you plan on installing tons of apps or storing a lot of data. There are a lot of suggestions for multi-booting combinations of the operating systems you want to install in this … | |
Re: You have a variant of the CoolWebSearch/Home Search Assistant parasite. 1. About:Buster should have helped, but it doesn't seem to have done the trick. Please download and run these additional removal tools: [url="http://www.intermute.com/spysubtract/cwshredder_download.html"]CWShredder[/url] [url="http://www.majorgeeks.com/download4286.html"]HSRemove[/url] 2. Run HijackThis again and look for entries similar to the following: [b] R1 - HKCU\Software\Microsoft\Internet … | |
Re: Hi AlliAnne629, welcome to the site :) As a new member I'm sure you were unaware of this, but one of our forum guidelines is that HijackThis logs only be posted in our Viruses, Spyware, and other Nasties forum. I'll move this thread to that forum for you now. | |
Re: Hi rvince, Just a polite suggestion: For clarity, please use full English sentences when posting advice in the forums. Being an international support site, many of our members have a hard enough time with the English language to begin with. Posting your advice in "Instant Messenger" English only makes it … | |
Re: [QUOTE=Catweazle]If you plan to share files then you need a partition type which your Windows version can access. That's either FAT32, or for recent and reputable Linux distros NTFS.[/QUOTE]A good point. You'll find that being able to share files between Windows and Linux is a pretty handy thing on a … | |
Re: A couple things to keep in mind regarding "Temp housecleaning": 1. There's a difference between the Temp and Temporary Internet Files folders, so you should be specific when referring to either. When you delete via Internet Options, you are deleting the contents of your Temporary Internet Files folder, but not … | |
Re: Greetings fledgling Penguinistas, Welcome to [url="http://www.justlinux.com"]The Dark Side[/url]. MUUUAHAHAHAHA!!!! [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/possessed.gif[/img] :mrgreen: :mrgreen: | |
Re: Please do the following to start with: Download the (free) [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]HijackThis[/url] utility: Once downloaded, follow these instructions to install and run the program: Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do. Run … | |
Re: That does sound like a classic webmail account hijack, and unfortunately- you may be up the proverbial river in terms of getting it back. If it really is a hijack, the person responsible has probably not only changed your password and "secret question", but has also altered your personal account … | |
Re: [color=black]msnistehrwn.exe seems to be a component of one of the newer variants of the SDBOT worm, and yes- it can disable Task Manager. However, your log is clean; it shows no indication of the worm's startup entries, etc. Given that, can you give us a few details please? [/color]We'll need … | |
Re: Just to add to what the others have said: [QUOTE=JamieLynn]...but my browser said that it needed to connect via dialup in order to work.[/QUOTE]That's usually due to a conflict/misconfiguration in the network connection settings of Windows itself and/or your ISP's connection software. If you have access to a broadband Internet … | |
Re: There are a few different infections indicated in your log. 1. Please download and run the following (free) detection and removal programs to get things cleaned up a bit before we dig in with HijackThis: [url="http://www.lavasoftusa.com/"]Ad Aware SE Personal[/url] [url="http://www.safer-networking.org/"]SpyBot Search & Destroy[/url] [url="http://www.ewido.net/en/download/"]ewido Security Suite[/url] [url="http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en"]Microsoft AntiSpyware beta[/url] Before you … | |
Re: If that behaviour is occurring even in Safe Mode, there's a good chance that you have physically corrupt sectors on your hard drive. Drive manufacturers often have low-level utilities which you can download and run to test a questionable drive. Find the make/model of your drive and see if such a … | |
Re: Although it's not an absolute indication that your entire system is infection-free, that log is squeaky clean. :) Problems like you describe are pretty common with Internet Exploder, and many of the causes are not virus/spyware-related. 1. Use our Search function to find the many threads that we've had on … | |
Re: 1. Download, install, and run [url="http://www.majorgeeks.com/download4289.html"]about:Buster[/url] and [url="http://www.majorgeeks.com/download4286.html"]HSRemove[/url]. 2. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) - Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files … | |
Re: 1. To get to the Safe Mode boot option, tap the F8 key repeatedly as your computer is starting up (before you see the Windows start-up screen/logo). 2. [QUOTE]I get nothing but a Windows explorer error message[/QUOTE]Please give us the [i]full and exact[/i] text of the error, including any numeric … | |
Re: 1. Please download and run [url="http://www.majorgeeks.com/download4289.html"]About:Buster[/url] and [url="http://www.majorgeeks.com/download4286.html"]HSRemove[/url]; they should help clean up the "tqyhc.dll/sp.html#12345" infection. 2. Print out the following instructions, as you will need to be offline for the rest of this: 3. [color=Red]Close all Internet Explorer and Windows Explorer windows[/color]. Run HijackThis again and have it fix … | |
Re: [QUOTE=ChrisSilke]I would like to bridge my two Network cards so that I can share my wireless internet connection.... when I go to the properties of the 2 Nic cards and Uncheck Internet connection sharing and then I go to bridge the 2 cards it still says that internet connect is … | |
Re: 1. If you're using Win 2000 or XP, open the Event Viewer utility in your Administrative Tools folder. From there you can review your System and Application logs to see if there are error or warning messages related to the crashes. If you find such messages, double-click on them to … | |
Re: [QUOTE=JANINE]so how could i put two file systems on the same hard drive without any conflicts or problems.[/QUOTE] As Christian said, filesystems are specific to [i]partitions[/i], not drives. Given that, the way to have more than one filesystem on a drive is to partition/repartition the drive into multiple partitions; you … | |
Re: 1. Downloadable ISOs of many distros are available at [url]www.linuxiso.org[/url], including an ISO for Knoppix, a popular "Live CD" distro (and yes- you got the definition of a Live CD right). 2. In terms of remote connectivity from/to Windows boxen, there are a few different options; SSH/Putty, rdesktop, or one … |